PT-2005-3206 · Mailenable · Mailenable Professional

Ariel Sanchez

Published

2005-07-17

Updated

2016-10-18

CVE-2005-2278

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: MailEnable Professional version 1.54

Description: The issue is a stack-based buffer overflow in the IMAP daemon (imapd) that allows remote authenticated users to execute arbitrary code. This is achieved by sending a status command with a long mailbox name.

Recommendations: For MailEnable Professional version 1.54, update to a version that fixes this issue to prevent remote authenticated users from executing arbitrary code.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2278

Affected Products

Mailenable Professional

PT-2005-3206 · Mailenable · Mailenable Professional

CVE-2005-2278

Related Identifiers

Affected Products

References · 5